Tailscale使用以及搭建自己的derp中继服务器

Tailscale安装

各平台在这个页面对应点击下载安装(https://tailscale.com/download/)

有UI的平台都比较容易,主要记录一下Linux server 加入Tailscale网络的过程,以Debian 11 为例

  1. Add Tailscale’s package signing key and repository:
curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/focal.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/focal.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list
  1. Install Tailscale:
sudo apt-get update
sudo apt-get install tailscale
  1. Connect your machine to your Tailscale network and authenticate in your browser:
sudo tailscale up

在这一步将命令行的连接复制到浏览器打开认证即可。并且可以通过--advertise-routes来设置子网转发,例如sudo tailscale up --advertise-routes=10.0.0.0/24,10.0.1.0/24

  1. You’re connected! You can find your Tailscale IPv4 address by running:
tailscale ip -4

搭建derp中继服务器(Docker)

Dockerfile

FROM golang:1.19
# 在国内可以加上这行使用国内源
# RUN go env -w  GOPROXY=https://goproxy.cn,direct
RUN go install tailscale.com/cmd/derper@main
ENTRYPOINT ['derper']

构建镜像

docker build . -t derper:latest

docker运行derper服务

docker run -d --name derper -p 8001:8001 -p 3478:3478 derper -a :8001

使用nginx配置https并代理derper,以域名derper.example.com为例,在/etc/nginx/conf.d/derper.example.com.conf文件中写入如下配置

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  ssl_certificate     /data/ssls/derper.example.com/derper.example.com.pem;
  ssl_certificate_key /data/ssls/derper.example.com/derper.example.com.key;

  server_name derper.example.com;
  client_max_body_size 500M;

  location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_pass http://127.0.0.1:8001;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
}

relaod配置

nginx -s reload